How to thwart government surveillance and censorship online

Governments around the world are monitoring Internet activity. Find out what you can do to protect your privacy and beat the censors.

Jesse Kline - July 15, 2009

The Canadian government recently introduced legislation that would expand its powers to monitor Canadians Internet activity. Even though the legislation has not yet been passed into law, we already know that governments around the world are monitoring Internet communications. Luckily, there is an abundance of ways to help protect your privacy in cyberspace. The main obstacle to many of these technologies becoming commonplace is a lack of users. For example, it is possible to send encrypted e-mails, but unless the other people within your social network are using the technology, no one will be able to read your messages. If enough people are concerned about protecting their privacy, we may see the critical mass of people necessary to seamlessly integrate some of these technologies into our daily computing experience. Detailed below are some of the ways to protect yourself on the Internet.

Encryption

There are numerous ways to encrypt data that is either being sent over the Internet or stored on a local drive. One of the best pieces of encryption software is The GNU Privacy Guard (GPG), which uses a public/private key system to verify identities, encrypt files, and send encrypted information via e-mail. Users are able to create public keys and upload them to key servers. Other users can then sign their key once they have verified the identity of the key holder. This creates a "web of trust" to help verify that people are who they say they are. People can then send out e-mails with their GPG signature attached so others can be confident of the sender's identity. The system can also be used to encrypt e-mails and files, which can only be decrypted by a specific person or group of people on the other end.

Another method that can be used to hide the fact that an encrypted message is being sent is known as steganography. Using this method, a message can be hidden within a picture, making it hard for a third-party to detect the presence of the hidden message, let alone find out what it says. An extensive list of steganography software can be found at StegoArchive.com. As an example, I used a piece of software called diit to embed the DeCSS source code, which is used to decrypt DVDs and is illegal in some jurisdictions, into an image from my trip to Phoenix. Note that there are ways to break steganography and corresponding workarounds. See here and here for more information.

The advantage of a technology like steganography is that it provides plausibly deniable encryption. In other words, one can claim they had no idea that extra information was hidden within the file they distributed. Other pieces of software offer additional methods of hiding information within other types of files, either for transmission or local storage, including TrueCypt, Elettra, and Rubberhose.

Surveillance is not only a concern when sending messages over the Internet, it can also be used to find out what websites a person has visited and the identity of people posting anonymous comments on blogs. Likewise, governments can go after hosting providers and use filtering technologies to censor information. Fortunately, technology exists that facilitates anonymous browsing, file sharing, and publishing.